General
-
Target
emotet_e2_bbfe3ea8f9858dd6c471597af70f3dffd7eb6ca27a380dec530dca5db68ca7e0_2021-01-12__223535820150._doc
-
Size
157KB
-
Sample
210112-6rdntgay82
-
MD5
f9f0c329ff4e6d31153e17ae4418bb0b
-
SHA1
605fa87cb3d4fde975796f21a3bbe83f068a8a4f
-
SHA256
bbfe3ea8f9858dd6c471597af70f3dffd7eb6ca27a380dec530dca5db68ca7e0
-
SHA512
7904a18b7752b552c79ef1208d69361229bf327a4dcedc785feefe0742d5995630988ae9681d3d7784c84f658b772c367538cbe4148da3a5b2b93a75a2cae1a1
Static task
static1
Behavioral task
behavioral1
Sample
emotet_e2_bbfe3ea8f9858dd6c471597af70f3dffd7eb6ca27a380dec530dca5db68ca7e0_2021-01-12__223535820150._doc.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
emotet_e2_bbfe3ea8f9858dd6c471597af70f3dffd7eb6ca27a380dec530dca5db68ca7e0_2021-01-12__223535820150._doc.doc
Resource
win10v20201028
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
emotet_e2_bbfe3ea8f9858dd6c471597af70f3dffd7eb6ca27a380dec530dca5db68ca7e0_2021-01-12__223535820150._doc
-
Size
157KB
-
MD5
f9f0c329ff4e6d31153e17ae4418bb0b
-
SHA1
605fa87cb3d4fde975796f21a3bbe83f068a8a4f
-
SHA256
bbfe3ea8f9858dd6c471597af70f3dffd7eb6ca27a380dec530dca5db68ca7e0
-
SHA512
7904a18b7752b552c79ef1208d69361229bf327a4dcedc785feefe0742d5995630988ae9681d3d7784c84f658b772c367538cbe4148da3a5b2b93a75a2cae1a1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-